CVE-2024-26331

Name of the Vulnerable Software and Affected Versions ReCrystallize Server version 5.10.0.0

Description The issue concerns an authorization mechanism that relies on the value of a cookie but does not bind this value to a session ID. This allows attackers to easily modify the cookie value within a browser or by implementing client-side code outside of a browser, thereby bypassing the authentication mechanism by modifying the cookie to contain an expected value.

Recommendations For ReCrystallize Server version 5.10.0.0, consider implementing a secure binding of cookie values to session IDs to prevent unauthorized access. As a temporary workaround, restrict access to sensitive areas of the server that rely on the cookie-based authentication mechanism until a proper fix is implemented. At the moment, there is no information about a newer version that contains a fix for this vulnerability.